NSA ceases bulk data collection

The National Security Agency has been collecting metadata, which is information such as phone numbers and duration of calls, since shortly after the attacks of September 11. The collection of this metadata has ceased as of November 28th. So what changed?

There is a new law in place, known as the USA Freedom Act of 2015. This law is being seen as a victory for privacy activists and tech companies looking to protect their user data. The USA Freedom Act of 2015 came about as a response to the revelations of Edward Snowden, a former NSA contractor that revealed the deep surveillance of the NSA on the American people. This new law prohibits the bulk collection of phone data previously done by the NSA. Although the agency won’t keep the bulk data, investigators will still have access to these types of records when they are investigating a particular person, or targeting specific groups. The existing metadata that has been captured during the last 5 years will be kept until next February 29th in order to ensure a smooth transition.

National Security Council spokesperson Ned Price stated that this new law, “struck a reasonable compromise which allows us to protect the country while implementing various reforms”.

Some have concerns, since the new law is going into effect so soon after the terrorist attacks in Paris. At a time when America is scaling back its surveillance, countries like England and France are considering new bills to enhance surveillance. Since American companies like Verizon would be involved, it may mean the creation of new treaties between Great Britain and the United States.  It is likely that this type of confounding circumstance will present itself more in the future due to the international nature of terrorism.

Article via ABAJournal, 30 November 2015

Photo: National Security Agency Seal via Donkey Hotey [Creative Commons Attribution-NonCommercial-NoDerivs]


Countries using spyware exposed

A Citizen Lab report released Thursday revealed that 33 countries are likely using FinFisher, a prominent spyware program. Many of these countries—including Ethiopia, Bangladesh, and Egypt—have suspect human rights standards.

FinFisher enables an organization or government to capture the keystrokes of a computer, as well as use the device’s microphone and camera to surreptitiously eavesdrop on a target. This type of surveillance tool was once only used by advanced governments, but is now available to anyone willing to invest in the service. In the U.S., journalists and dissidents are especially targeted.

Hackings in the past two years have informed researchers about the mechanics of spyware companies. FinFisher was hacked last year, revealing confidential company logistics, and its competitor Hacking Team was hacked this past year, exposing vital emails and files. Errors in spyware servers help Citizen Lab researchers figure out which governments are using the services of companies like FinFisher or Hacking Team.

Spyware servers used by governments often infect and control target computers with malware disguised behind proxies. Researchers found that 135 servers matched the “technical fingerprint” of shady spyware after scanning the Internet, yet they were always directed to a decoy page after typing the server’s Internet address into a Web browser. The decoy pages were most often www.google.com or www.yahoo.com.

However, the decoy sites showed local search results of the server’s origin, and not of the location that the researchers were in when they used the site. One proxy server seemed to be from the United States, then returned an IP address from Indonesia, indicating that the country’s government may be using FinFisher’s services.

Article via The Washington Post, 16 October 2015

Photo: Patrons use computers in an internet cafe via World Bank Photo Collection [Creative Commons Attribution-NonCommercial-NoDerivs]


Snowden wants to come back to the US, and willing to go to jail

Edward Snowden fled the US in 2013 after leaking classified documents to reporters. These documents revealed domestic surveillance by the NSA on United States citizens and ignited outrage and debate about security and surveillance. To escape arrest, Snowden left the country and resides in Russia, where he has been since 2013. Now he wants to come back home.

In an interview that aired Monday with the BBC, Snowden says that he has offered to go to jail in exchange for coming home, but has not received a response from the government. He stated, “I’ve volunteered to go to prison with the government many times”. He continues saying that “what I won’t do is I won’t serve as a deterrent to people trying to do the right thing in difficult situations.” This echoes a sentiment that he expressed in a Wired interview in 2014 where he said that he wouldn’t mind going to jail as long as his sentence “serves the right purpose.”

Snowden has been charged with 3 felonies in accordance to the Espionage act that  carry a sentence of over 30 years. His lawyers have objected to Snowden returning to the US because they believe that a trial with charges under the espionage act would not be fair. “The Espionage Act finds anyone guilty who provides any information to the public, regardless of whether it is right or wrong,” Snowden told the BBC. “You aren’t even allowed to explain to a jury what your motivations were for revealing this information. It is simply a question of, ‘Did you reveal information?’ If yes, you go to prison for the rest of your life.”

There continues to be ongoing debate as to whether Snowden is a patriot or a traitor. Those who see his actions as an act of patriotism have called for President Obama to grant Snowden a full pardon. But, when Secretary of State John Kerry visited Moscow in 2013 he called Snowden a traitor and a coward. Former Attorney General Eric Holder has indicated that a plea deal could be possible that can met the request of both the government and Snowden.

In the meantime, Snowden continues to use his status to speak out about issues of security and surveillance.

Article via TechCrunch, 6 October 2015

Photo: snowden via duluoz cats[Creative Commons Attribution-NonCommercial-NoDerivs]


Tech companies protect against government surveillance

The best protection against widespread government surveillance now comes from major tech companies, including those accused of collecting mass amounts of data to sell to other companies seeking targeted advertising.

The FBI has accused Apple of aiding criminals by offering default encryption in the new iPhones it sells. Government reproach is also directed towards Google, which is offering the same encryption for its new Android phones. However, the majority of Americans are grateful for the tech companies’ new developments; a recent Pew survey found that 65 percent of people believe that there aren’t enough limits on government surveillance.

Smartphone encryption is not the only guard against surveillance, either. Google and Yahoo announced that they’re both working on end-to-end encryption in email, and Facebook was established on a Tor hidden services site so that people with access to network traffic can’t access user data.

Encryption tools are generally difficult to operate, and thus only tech-savvy users have been able to achieve full privacy. As a result, anyone using encryption tools was unique and therefore suspicious to government officials. With new integrated encryption, privacy will be more universal, and those previously using encryption systems will be better camouflaged.

Articles: The Center for Internet and Society, September 9, 2015

Photo: DC Ralley Against Mass Surveillance via Susan Melkisethian [Creative Commons Attribution-NonCommercial-NoDerivs]


Hacking Team’s clientele- corrupt governments

In July of 2015, 400 gigabytes of documents outlining the dealings of spyware company Hacking Team were released. The for-profit surveillance firm was found to work with oppressive regimes across the globe, including those of Russia, Ethiopia, Azerbaijan, Kazakhstan, Vietnam, Saudi Arabia, and Sudan. Also benefiting from the company’s exploitive surveillance tools is the US Bureau of Investigation, which has spent $775,000 on Hacking Team tools since 2011.

Hacking Team’s abilities are expansive. The firm can steal pre-encrypted data and passwords typed in Web browsers, as well as activate the microphone and camera on a target device. Users of Google Play and Apple stores may also be activating surveillance malware coded by Hacking Team.

Privacy and human rights advocates are outraged by the lack of legislation regulating firms like Hacking Team and its rival Gamma International, but regulation can be tricky. Badly drafted export controls could create red tape for journalists to circumvent when trying to access communications mechanisms or antivirus software. Syrian activists, for example, have cited American export controls as one of the leading obstacles of installing anti-surveillance software on phones and computers to protect their communications from the Assad regime.

The discussion is subtle, as it must take into account the personal liberties of global citizens, the dynamic nature of the technology industry, and the diverse interests of country governments.

Article via Committee to Protect JournalistsJuly 13, 2015

Photo: On the Phone via Artform Canada [Creative Commons Attribution-NonCommercial-NoDerivs]